Django admin - limiting access to objects based on the user logged in

Question

Hi, I'm working on creating a simple website for an exhibition. It's intended to use django with django CMS as much as possible - so Django admin site will be used.

Now I want to limit user's access to objects they can view/modify/delete.

There's going to be an Admin user, who can do all that admin can in django. But there are going to be Exhibitor types of users, who should be able to only see/modify their own objects (like - Page and Offer, they both would have an ID of the Exhibitor who's their owner).

Can this be done on the model level in django? Best would be to have some method that would take a logged-in-user instance and return the list of objects that this user can see.

Answer 1

There used to be a Row level permissions branch but it appears to have died off before gaining any traction or hope of being included into the trunk, so unfortunately that is out. That link does, however, give you a bit of a hint as to how they claim the admin app currently supports it via the ModelAdmin class.

Answer 2

This can help